Invision Power Services Invision Gallery — known CVE vulnerabilities
Every CVE whose affected-product data names Invision Power Services Invision Gallery, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (9)
CVE-2004-1835 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in index.php in Invision Gallery 1.0.1 allow remote attackers to execute arbitrary SQL via the (1)…
CVE-2005-1948 — CVSS 7.5 (high): Multiple SQL injection vulnerabilities in Invision Gallery before 1.3.1 allow remote attackers to execute arbitrary SQL commands via (1)…
CVE-2005-3395 — CVSS 7.5 (high): SQL injection vulnerability in Invision Gallery 2.0.3 allows remote attackers to execute arbitrary SQL commands via the st parameter.
CVE-2006-5206 — CVSS 7.5 (high): SQL injection vulnerability in Invision Gallery 2.0.7 allows remote attackers to execute arbitrary SQL commands via the album parameter in…
CVE-2006-6370 — CVSS 7.5 (high): SQL injection vulnerability in forum/modules/gallery/post.php in Invision Gallery 2.0.7 allows remote attackers to cause a denial of…
CVE-2008-0421 — CVSS 7.5 (high): SQL injection vulnerability in Invision Gallery 2.0.7 and earlier allows remote attackers to execute arbitrary SQL commands via the album…
CVE-2006-2202 — CVSS 6.4 (medium): SQL injection vulnerability in post.php in Invision Gallery 2.0.6 allows remote attackers to execute arbitrary SQL commands via the album…
CVE-2006-5205 — CVSS 5.0 (medium): Directory traversal vulnerability in Invision Gallery 2.0.7 allows remote attackers to read arbitrary files via a .. (dot dot) sequence in…
CVE-2005-3477 — CVSS 4.3 (medium): Multiple interpretation error in the image upload handling code in Invision Gallery 2.0.3 allows remote attackers to conduct cross-site…